From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Garnier <thgarnie@google.com>
Date: Wed,  4 Oct 2017 14:19:44 -0700
Message-Id: <20171004212003.28296-9-thgarnie@google.com>
In-Reply-To: <20171004212003.28296-1-thgarnie@google.com>
References: <20171004212003.28296-1-thgarnie@google.com>
Subject: [kernel-hardening] [RFC v3 08/27] x86/CPU: Adapt assembly for PIE support
To: Herbert Xu <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, Peter Zijlstra <peterz@infradead.org>, Josh Poimboeuf <jpoimboe@redhat.com>, Thomas Garnier <thgarnie@google.com>, Arnd Bergmann <arnd@arndb.de>, Kees Cook <keescook@chromium.org>, Matthias Kaehlcke <mka@chromium.org>, Tom Lendacky <thomas.lendacky@amd.com>, Andy Lutomirski <luto@kernel.org>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, Borislav Petkov <bp@suse.de>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>, Juergen Gross <jgross@suse.com>, Chris Wright <chrisw@sous-sol.org>, Alok Kataria <akataria@vmware.com>, Rusty Russell <rusty@rustcorp.com.au>, Tejun Heo <tj@kernel.org>, Christoph Lameter <cl@linux.com>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Alexey Dobriyan <adobriyan@gmail.com>, Andrew Morton <akpm@linux-foundation.org>, Paul Gortmaker <paul.gortmaker@windriver.com>, Chris Metcalf <cmetcalf@mellanox.com>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, Nicolas Pitre <nicolas.pitre@linaro.org>, Borislav Petkov <bp@alien8.de>, "Luis R . Rodriguez" <mcgrof@kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Christopher Li <sparse@chrisli.org>, Steven Rostedt <rostedt@goodmis.org>, Jason Baron <jbaron@akamai.com>, Dou Liyang <douly.fnst@cn.fujitsu.com>, "Rafael J . Wysocki" <rafael.j.wysocki@intel.com>, Mika Westerberg <mika.westerberg@linux.intel.com>, Lukas Wunner <lukas@wunner.de>, Masahiro Yamada <yamada.masahiro@socionext.com>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Markus Trippelsdorf <markus@trippelsdorf.de>, Paolo Bonzini <pbonzini@redhat.com>, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>, Joerg Roedel <joro@8bytes.org>, Rik van Riel <riel@redhat.com>, David Howells <dhowells@redhat.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Waiman Long <longman@redhat.com>, Kyle Huey <me@kylehuey.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Jonathan Corbet <corbet@lwn.net>, Matthew Wilcox <mawilcox@microsoft.com>, Michal Hocko <mhocko@suse.com>, Peter Foley <pefoley2@pefoley.com>, Paul Bolle <pebolle@tiscali.nl>, Jiri Kosina <jkosina@suse.cz>, Rob Landley <rob@landley.net>, "H . J . Lu" <hjl.tools@gmail.com>, Baoquan He <bhe@redhat.com>, =?UTF-8?q?Jan=20H=20=2E=20Sch=C3=B6nherr?= <jschoenh@amazon.de>, Daniel Micay <danielmicay@gmail.com>
Cc: x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, virtualization@lists.linux-foundation.org, xen-devel@lists.xenproject.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com
List-ID: <kernel-hardening.lists.openwall.com>

Change the assembly code to use only relative references of symbols for the
kernel to be PIE compatible. Use the new _ASM_GET_PTR macro instead of
the 'mov $symbol, %dst' construct to not have an absolute reference.

Position Independent Executable (PIE) support will allow to extended the
KASLR randomization range below the -2G memory limit.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
 arch/x86/include/asm/processor.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index b446c5a082ad..b09bd50b06c7 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -49,7 +49,7 @@ static inline void *current_text_addr(void)
 {
 	void *pc;
 
-	asm volatile("mov $1f, %0; 1:":"=r" (pc));
+	asm volatile(_ASM_GET_PTR(1f, %0) "; 1:":"=r" (pc));
 
 	return pc;
 }
@@ -695,6 +695,7 @@ static inline void sync_core(void)
 		: ASM_CALL_CONSTRAINT : : "memory");
 #else
 	unsigned int tmp;
+	unsigned long tmp2;
 
 	asm volatile (
 		UNWIND_HINT_SAVE
@@ -705,11 +706,13 @@ static inline void sync_core(void)
 		"pushfq\n\t"
 		"mov %%cs, %0\n\t"
 		"pushq %q0\n\t"
-		"pushq $1f\n\t"
+		"leaq 1f(%%rip), %1\n\t"
+		"pushq %1\n\t"
 		"iretq\n\t"
 		UNWIND_HINT_RESTORE
 		"1:"
-		: "=&r" (tmp), ASM_CALL_CONSTRAINT : : "cc", "memory");
+		: "=&r" (tmp), "=&r" (tmp2), ASM_CALL_CONSTRAINT
+		: : "cc", "memory");
 #endif
 }
 
-- 
2.14.2.920.gcf0c67979c-goog

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Garnier <thgarnie@google.com>
Subject: [RFC v3 08/27] x86/CPU: Adapt assembly for PIE support
Date: Wed,  4 Oct 2017 14:19:44 -0700
Message-ID: <20171004212003.28296-9-thgarnie@google.com>
References: <20171004212003.28296-1-thgarnie@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <20171004212003.28296-1-thgarnie@google.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Herbert Xu <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, Peter Zijlstra <peterz@infradead.org>, Josh Poimboeuf <jpoimboe@redhat.com>, Thomas Garnier <thgarnie@google.com>, Arnd Bergmann <arnd@arndb.de>, Kees Cook <keescook@chromium.org>, Matthias Kaehlcke <mka@chromium.org>, Tom Lendacky <thomas.lendacky@amd.com>, Andy Lutomirski <luto@kernel.org>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, Borislav Petkov <bp@suse.de>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>, Juergen Gross <jgross@suse.com>, Chris Wright <chrisw@sous-sol.org>, Alok Kataria <akataria@vmware.com>, Rusty Russell <rusty@rustcorp.com.au>, Tejun Heo <tj@kernel.org>, Christoph Lameter <cl@linux.com>Bor
Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, x86@kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-sparse@vger.kernel.org, linux-crypto@vger.kernel.org, kernel-hardening@lists.openwall.com, xen-devel@lists.xenproject.org
List-Id: linux-arch.vger.kernel.org

Q2hhbmdlIHRoZSBhc3NlbWJseSBjb2RlIHRvIHVzZSBvbmx5IHJlbGF0aXZlIHJlZmVyZW5jZXMg
b2Ygc3ltYm9scyBmb3IgdGhlCmtlcm5lbCB0byBiZSBQSUUgY29tcGF0aWJsZS4gVXNlIHRoZSBu
ZXcgX0FTTV9HRVRfUFRSIG1hY3JvIGluc3RlYWQgb2YKdGhlICdtb3YgJHN5bWJvbCwgJWRzdCcg
Y29uc3RydWN0IHRvIG5vdCBoYXZlIGFuIGFic29sdXRlIHJlZmVyZW5jZS4KClBvc2l0aW9uIElu
ZGVwZW5kZW50IEV4ZWN1dGFibGUgKFBJRSkgc3VwcG9ydCB3aWxsIGFsbG93IHRvIGV4dGVuZGVk
IHRoZQpLQVNMUiByYW5kb21pemF0aW9uIHJhbmdlIGJlbG93IHRoZSAtMkcgbWVtb3J5IGxpbWl0
LgoKU2lnbmVkLW9mZi1ieTogVGhvbWFzIEdhcm5pZXIgPHRoZ2FybmllQGdvb2dsZS5jb20+Ci0t
LQogYXJjaC94ODYvaW5jbHVkZS9hc20vcHJvY2Vzc29yLmggfCA5ICsrKysrKy0tLQogMSBmaWxl
IGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgMyBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9h
cmNoL3g4Ni9pbmNsdWRlL2FzbS9wcm9jZXNzb3IuaCBiL2FyY2gveDg2L2luY2x1ZGUvYXNtL3By
b2Nlc3Nvci5oCmluZGV4IGI0NDZjNWEwODJhZC4uYjA5YmQ1MGIwNmM3IDEwMDY0NAotLS0gYS9h
cmNoL3g4Ni9pbmNsdWRlL2FzbS9wcm9jZXNzb3IuaAorKysgYi9hcmNoL3g4Ni9pbmNsdWRlL2Fz
bS9wcm9jZXNzb3IuaApAQCAtNDksNyArNDksNyBAQCBzdGF0aWMgaW5saW5lIHZvaWQgKmN1cnJl
bnRfdGV4dF9hZGRyKHZvaWQpCiB7CiAJdm9pZCAqcGM7CiAKLQlhc20gdm9sYXRpbGUoIm1vdiAk
MWYsICUwOyAxOiI6Ij1yIiAocGMpKTsKKwlhc20gdm9sYXRpbGUoX0FTTV9HRVRfUFRSKDFmLCAl
MCkgIjsgMToiOiI9ciIgKHBjKSk7CiAKIAlyZXR1cm4gcGM7CiB9CkBAIC02OTUsNiArNjk1LDcg
QEAgc3RhdGljIGlubGluZSB2b2lkIHN5bmNfY29yZSh2b2lkKQogCQk6IEFTTV9DQUxMX0NPTlNU
UkFJTlQgOiA6ICJtZW1vcnkiKTsKICNlbHNlCiAJdW5zaWduZWQgaW50IHRtcDsKKwl1bnNpZ25l
ZCBsb25nIHRtcDI7CiAKIAlhc20gdm9sYXRpbGUgKAogCQlVTldJTkRfSElOVF9TQVZFCkBAIC03
MDUsMTEgKzcwNiwxMyBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc3luY19jb3JlKHZvaWQpCiAJCSJw
dXNoZnFcblx0IgogCQkibW92ICUlY3MsICUwXG5cdCIKIAkJInB1c2hxICVxMFxuXHQiCi0JCSJw
dXNocSAkMWZcblx0IgorCQkibGVhcSAxZiglJXJpcCksICUxXG5cdCIKKwkJInB1c2hxICUxXG5c
dCIKIAkJImlyZXRxXG5cdCIKIAkJVU5XSU5EX0hJTlRfUkVTVE9SRQogCQkiMToiCi0JCTogIj0m
ciIgKHRtcCksIEFTTV9DQUxMX0NPTlNUUkFJTlQgOiA6ICJjYyIsICJtZW1vcnkiKTsKKwkJOiAi
PSZyIiAodG1wKSwgIj0mciIgKHRtcDIpLCBBU01fQ0FMTF9DT05TVFJBSU5UCisJCTogOiAiY2Mi
LCAibWVtb3J5Iik7CiAjZW5kaWYKIH0KIAotLSAKMi4xNC4yLjkyMC5nY2YwYzY3OTc5Yy1nb29n
CgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRl
dmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhl
bi5vcmcveGVuLWRldmVsCg==

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Garnier <thgarnie@google.com>
Subject: [RFC v3 08/27] x86/CPU: Adapt assembly for PIE support
Date: Wed,  4 Oct 2017 14:19:44 -0700
Message-ID: <20171004212003.28296-9-thgarnie@google.com>
References: <20171004212003.28296-1-thgarnie@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org,
 x86@kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
 virtualization@lists.linux-foundation.org, linux-sparse@vger.kernel.org,
 linux-crypto@vger.kernel.org, kernel-hardening@lists.openwall.com,
 xen-devel@lists.xenproject.org
To: Herbert Xu <herbert@gondor.apana.org.au>,
 "David S . Miller" <davem@davemloft.net>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 "H . Peter Anvin" <hpa@zytor.com>, Peter Zijlstra <peterz@infradead.org>,
 Josh Poimboeuf <jpoimboe@redhat.com>, Thomas Garnier <thgarnie@google.com>,
 Arnd Bergmann <arnd@arndb.de>, Kees Cook <keescook@chromium.org>,
 Matthias Kaehlcke <mka@chromium.org>,
 Tom Lendacky <thomas.lendacky@amd.com>, Andy Lutomirski <luto@kernel.org>,
 "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
 Borislav Petkov <bp@suse.de>, "Rafael J . Wysocki" <rjw@rjwysocki.net>,
 Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
 Juergen Gross <jgross@suse.com>, Chris Wright <chrisw@sous-sol.org>,
 Alok Kataria <akataria@vmware.com>, Rusty Russell <rusty@rustcorp.com.au>,
 Tejun Heo <tj@kernel.org>, Christoph Lameter <cl@linux.com>,
 Bor
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <20171004212003.28296-1-thgarnie@google.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
List-Id: linux-crypto.vger.kernel.org

Q2hhbmdlIHRoZSBhc3NlbWJseSBjb2RlIHRvIHVzZSBvbmx5IHJlbGF0aXZlIHJlZmVyZW5jZXMg
b2Ygc3ltYm9scyBmb3IgdGhlCmtlcm5lbCB0byBiZSBQSUUgY29tcGF0aWJsZS4gVXNlIHRoZSBu
ZXcgX0FTTV9HRVRfUFRSIG1hY3JvIGluc3RlYWQgb2YKdGhlICdtb3YgJHN5bWJvbCwgJWRzdCcg
Y29uc3RydWN0IHRvIG5vdCBoYXZlIGFuIGFic29sdXRlIHJlZmVyZW5jZS4KClBvc2l0aW9uIElu
ZGVwZW5kZW50IEV4ZWN1dGFibGUgKFBJRSkgc3VwcG9ydCB3aWxsIGFsbG93IHRvIGV4dGVuZGVk
IHRoZQpLQVNMUiByYW5kb21pemF0aW9uIHJhbmdlIGJlbG93IHRoZSAtMkcgbWVtb3J5IGxpbWl0
LgoKU2lnbmVkLW9mZi1ieTogVGhvbWFzIEdhcm5pZXIgPHRoZ2FybmllQGdvb2dsZS5jb20+Ci0t
LQogYXJjaC94ODYvaW5jbHVkZS9hc20vcHJvY2Vzc29yLmggfCA5ICsrKysrKy0tLQogMSBmaWxl
IGNoYW5nZWQsIDYgaW5zZXJ0aW9ucygrKSwgMyBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9h
cmNoL3g4Ni9pbmNsdWRlL2FzbS9wcm9jZXNzb3IuaCBiL2FyY2gveDg2L2luY2x1ZGUvYXNtL3By
b2Nlc3Nvci5oCmluZGV4IGI0NDZjNWEwODJhZC4uYjA5YmQ1MGIwNmM3IDEwMDY0NAotLS0gYS9h
cmNoL3g4Ni9pbmNsdWRlL2FzbS9wcm9jZXNzb3IuaAorKysgYi9hcmNoL3g4Ni9pbmNsdWRlL2Fz
bS9wcm9jZXNzb3IuaApAQCAtNDksNyArNDksNyBAQCBzdGF0aWMgaW5saW5lIHZvaWQgKmN1cnJl
bnRfdGV4dF9hZGRyKHZvaWQpCiB7CiAJdm9pZCAqcGM7CiAKLQlhc20gdm9sYXRpbGUoIm1vdiAk
MWYsICUwOyAxOiI6Ij1yIiAocGMpKTsKKwlhc20gdm9sYXRpbGUoX0FTTV9HRVRfUFRSKDFmLCAl
MCkgIjsgMToiOiI9ciIgKHBjKSk7CiAKIAlyZXR1cm4gcGM7CiB9CkBAIC02OTUsNiArNjk1LDcg
QEAgc3RhdGljIGlubGluZSB2b2lkIHN5bmNfY29yZSh2b2lkKQogCQk6IEFTTV9DQUxMX0NPTlNU
UkFJTlQgOiA6ICJtZW1vcnkiKTsKICNlbHNlCiAJdW5zaWduZWQgaW50IHRtcDsKKwl1bnNpZ25l
ZCBsb25nIHRtcDI7CiAKIAlhc20gdm9sYXRpbGUgKAogCQlVTldJTkRfSElOVF9TQVZFCkBAIC03
MDUsMTEgKzcwNiwxMyBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc3luY19jb3JlKHZvaWQpCiAJCSJw
dXNoZnFcblx0IgogCQkibW92ICUlY3MsICUwXG5cdCIKIAkJInB1c2hxICVxMFxuXHQiCi0JCSJw
dXNocSAkMWZcblx0IgorCQkibGVhcSAxZiglJXJpcCksICUxXG5cdCIKKwkJInB1c2hxICUxXG5c
dCIKIAkJImlyZXRxXG5cdCIKIAkJVU5XSU5EX0hJTlRfUkVTVE9SRQogCQkiMToiCi0JCTogIj0m
ciIgKHRtcCksIEFTTV9DQUxMX0NPTlNUUkFJTlQgOiA6ICJjYyIsICJtZW1vcnkiKTsKKwkJOiAi
PSZyIiAodG1wKSwgIj0mciIgKHRtcDIpLCBBU01fQ0FMTF9DT05TVFJBSU5UCisJCTogOiAiY2Mi
LCAibWVtb3J5Iik7CiAjZW5kaWYKIH0KIAotLSAKMi4xNC4yLjkyMC5nY2YwYzY3OTc5Yy1nb29n
CgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRl
dmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhl
bi5vcmcveGVuLWRldmVsCg==